For current any wireless network, e.g., a wireless local area network, a wireless metropolitan area network, etc., or a wired network, broadcast/multicast is an essential communication mode, and broadcast is one of energy saving communication modes. As a point-to-point uni-cast, the broadcast/multicast also involves a security issue, in the broadcast/multicast, it is necessary to ensure that a broadcast/multicast entity and message is valid and safe, and for a broadcast/multicast receiving terminal, it is also necessary to limit authority so that only the authorized broadcast/multicast receiving terminal can read out the broadcast/multicast message correctly, based on above mention, it is necessary to realize secure distribution in broadcast/multicast.
The standardization organization of Institute of Electrical and Electronics Engineers (IEEE) defined a series of 802.11 standards to enhance the security of a wireless local area network and provide a mobile terminal with a secure access to a base station, and also to support a secure broadcast/multicast service from the base station to the mobile terminal. Also the Chinese national standard GB15629.11 of wireless local area networks, commonly referred to as the Wireless Local Area Network Authentication and Privacy Infrastructure (WAPI) protocol, was published in China in May, 2003 to provide a secure access from the mobile terminal to the base station and support a secure broadcast/multicast service from the base station to the mobile terminal.
In the 802.11 and the WAPI, a broadcast/multicast key is encrypted with predefined uni-cast keys respectively and then encrypted broadcast/multicast keys are distributed. That is, a base station selects a broadcast/multicast key and then encrypts the broadcast/multicast key with corresponding uni-cast keys shared by the base station with mobile terminals, and then the base station distributes encrypted broadcast/multicast keys to the corresponding mobile terminals respectively. After receiving encrypted broadcast/multicast key message, each of the mobile terminals may decrypt the encrypted broadcast/multicast key message by using a corresponding uni-cast key shared with the base station and obtain the broadcast/multicast key. The base station can operate secure broadcast/multicast after all of the terminals obtain the same broadcast/multicast key. The foregoing process has to be repeated if the broadcast/multicast key needs update.
The method at least existing the following drawbacks:
1) in the method, the broadcast/multicast key only could be distributed based on reverse channel, so in some network systems without reverse channel, the broadcast/multicast key cannot be distributed;
2) low security. Since each of the mobile terminals is provided with the same broadcast/multicast key, the broadcast/multicast key is more likely to be revealed by a mobile terminal to other mobile terminal; and
3) low efficiency of an update of the broadcast/multicast key. If the broadcast/multicast key needs be updated, distributing a broadcast/multicast key has to be repeated, that is, the base station selects a broadcast/multicast key and then encrypts the broadcast/multicast key with corresponding uni-cast keys shared by the base station with mobile terminals, and then the base station distributes encrypted broadcast/multicast keys to the corresponding mobile terminals respectively.
The standard of wireless metropolitan area networks proposed by the U.S. IEEE, i.e., the standard of IEEE 802.16, on secure broadcast/multicast issue, also has similar drawbacks. Subsequently a revised solution was provided in the IEEE 802.16e but still has at least the following drawbacks.
1) It also depends on a defined uni-cast key and is inapplicable to a network system offering only a broadcast/multicast service; and
2) managing the broadcast/multicast key via temporal synchronization mode, and statuses management thereof is complicated. In temporal synchronization mode, a new broadcast/multicast key is enabled or disabled depending on temporal judgment; and it is complex to maintain a synchronous clock in a distributed system, managing a large number of system statuses is very complicated.
Apparently a secure broadcast/multicast service which does not depend upon a secure uni-cast channel is of great importance, and therefore it is highly desired to propose a method for distributing and updating a broadcast/multicast key to build a secure broadcast/multicast system